The result of a blogging accident

Clearing the “Mounted Devices” database in Windows

Something I found useful when doing image deployment of Windows: being able to clear the mount devices list. In some instances, Windows will not boot properly or it will boot from the wrong device until you do it. You don’t need to do this with sysprep (it does it for you), however sysprep won’t work in an iSCSI configuration due to redetecting the network card and resetting all the iSCSI configuration.

For this, you can use the chntpw utility.

First of all, mount the Windows partition.

Then crack it open with chntpw’s registry editor, and remove the entries.

# chntpw -e WINDOWS/system32/config/system
chntpw version 0.99.6 080526 (sixtyfour), (c) Petter N Hagen
Hive  name (from header):
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 686c
Page at 0x54f000 is not 'hbin', assuming file contains garbage at end
File size 5767168 [580000] bytes, containing 1254 pages (+ 1 headerpage)
Used for data: 108658/5500560 blocks/bytes, unused: 1836/21680 blocks/bytes.Simple registry editor. ? for help.> cd MountedDevices

You can now show the mounted devices table. This one is populated with a bunch of stuff:

\MountedDevices> ls
Node has 0 subkeys and 8 values
  size     type            value name             [value if type DWORD]
    12  REG_BINARY        <\??\Volume{a04045a6-480a-11df-8146-806d6172696f}>
    12  REG_BINARY        <\??\Volume{a04045a7-480a-11df-8146-806d6172696f}>
   238  REG_BINARY        <\??\Volume{a04045a8-480a-11df-8146-806d6172696f}>
   164  REG_BINARY        <\??\Volume{a04045a9-480a-11df-8146-806d6172696f}>
    12  REG_BINARY        <\DosDevices\C:>
    12  REG_BINARY        <\DosDevices\D:>
   164  REG_BINARY        <\DosDevices\A:>
   238  REG_BINARY        <\DosDevices\E:>

Removing it is as simple as the ‘delallv’ command.

\MountedDevices> delallv\MountedDevices> qHives that have changed:
 #  Name
Write hive files? (y/n) [n] : y
 0   - OK

And then it’s done. You can unmount the partition, and boot Windows again.